CI/CD (Infrastructure) Bill of Material #10

bajpaigarima · 2022-03-24T11:47:08Z

A CI/CD Bill of Materials can be used to support the systematic review of known security vulnerabilities in open source components and approval of each component’s
An CI/CD BOM is useful both to the builder (manufacturer) and the buyer (customer) of a software product
Cyber Supply Chain Management and Transparency Act of 2014[10] was US legislation that proposed to require government agencies to obtain SBOMs for any new products they purchase, so it can help CI/CD consumers and producers

kcollasarundell · 2022-03-29T23:44:59Z

This would likely combine well with a post\subsection on transparency logs.
The ability to provide a historic tamper resistant view of not just the SBOM but attestations on testing, validation and build process. As well as combining with the automation to prevent unsigned resources from being run-able.

bradmccoydev · 2022-07-22T15:47:38Z

@Saim-Safdar can help connect with Tracy Ragan and Steve Taylor on this.

bajpaigarima assigned bajpaigarima and unassigned bajpaigarima Mar 24, 2022

bajpaigarima self-assigned this Mar 24, 2022

bajpaigarima added the enhancement New feature or request label Mar 24, 2022

bajpaigarima assigned bajpaigarima and moise3 and unassigned bajpaigarima Mar 24, 2022

ixchelruiz self-assigned this Mar 25, 2022

mnemonic01 unassigned ixchelruiz, moise3 and bajpaigarima Mar 25, 2022

agileguru self-assigned this Apr 22, 2022

moise3 self-assigned this Apr 22, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI/CD (Infrastructure) Bill of Material #10

CI/CD (Infrastructure) Bill of Material #10

bajpaigarima commented Mar 24, 2022

kcollasarundell commented Mar 29, 2022

bradmccoydev commented Jul 22, 2022

CI/CD (Infrastructure) Bill of Material #10

CI/CD (Infrastructure) Bill of Material #10

Comments

bajpaigarima commented Mar 24, 2022

kcollasarundell commented Mar 29, 2022

bradmccoydev commented Jul 22, 2022